> On Mon, Mar 14, 2016 at 10:19:53PM +0100, Theo Buehler wrote:
> > On Thu, Mar 10, 2016 at 12:52:35PM +0100, Marc Espie wrote:
> > > Already shown to a few people, but since pledge(2) aborts on non-dev, let's
> > > check upfront that we're of the right type.
> > > 
> > > I don't think this requires a bump. It doesn't really change the interface,
> > > just makes it stricter.
> > > 
> > 
> > If we are going to fix this in userland, I think espie@'s patch is the
> > way to go. I like the idea that opendev(3) validates the file descriptor
> > it returns.
> > 
> From the hints I've got from Theo, looks like he wants to do something else
> entirely... don't understand what exactly... but then that's not my area.

I am simply saying that pledge before opendev() makes no sense,
because opendev() does not guarantee the type of descriptor it is
opening.

===================================================================
RCS file: /cvs/src/sbin/fdisk/fdisk.c,v
retrieving revision 1.99
diff -u -p -u -r1.99 fdisk.c
--- fdisk.c     12 Dec 2015 04:14:36 -0000      1.99
+++ fdisk.c     14 Mar 2016 23:37:39 -0000
@@ -85,10 +85,6 @@ main(int argc, char *argv[])
        struct dos_mbr dos_mbr;
        struct mbr mbr;
 
-       /* "proc exec" for man page display */
-       if (pledge("stdio rpath wpath disklabel proc exec", NULL) == -1)
-               err(1, "pledge");
-
        while ((ch = getopt(argc, argv, "iegpuvf:c:h:s:l:b:y")) != -1) {
                const char *errstr;
 
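Review bot: with the pledge() call removed from ahead of the getopt() loop, option parsing and every statement between this hunk and DISK_open() now run with no promises in effect. That follows from not pledging before the descriptor type is known, but it is worth keeping that stretch limited to argument parsing and saying in the commit message that the unpledged window is deliberate, so the call is not moved back to the top of main() later.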
@@ -169,6 +165,10 @@ main(int argc, char *argv[])
 
        disk.name = argv[0];
        DISK_open(i_flag || u_flag || e_flag);
+
+       /* "proc exec" for man page display */
+       if (pledge("stdio rpath wpath disklabel proc exec", NULL) == -1)
+               err(1, "pledge");
 
        error = MBR_read(0, &dos_mbr);
        if (error)
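Review bot: the promise string placed after DISK_open() is carried over unchanged, still "stdio rpath wpath disklabel proc exec", although the disk has already been opened at this point. If nothing after this line opens another path, "rpath wpath" can be dropped from the string; if something does, the comment should say what, since it currently explains only "proc exec". The hunk also only reorders the calls: nothing visible here checks that the descriptor DISK_open() obtained refers to a device, so the type check discussed in the thread is still needed for the "disklabel" promise to be safe.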
